19 package org.apache.syncope.common.lib.auth;
20
21 import java.io.Serializable;
22 import java.util.ArrayList;
23 import java.util.List;
24 import java.util.Map;
25 import java.util.concurrent.TimeUnit;
26 import org.apache.syncope.common.lib.AbstractLDAPConf;
27 import org.apache.syncope.common.lib.to.AuthModuleTO;
28 import org.apache.syncope.common.lib.types.X509PolicySetting;
29 import org.apache.syncope.common.lib.types.X509PrincipalType;
30 import org.apache.syncope.common.lib.types.X509RevocationCheckerType;
31 import org.apache.syncope.common.lib.types.X509RevocationFetcherType;
32 import org.apache.syncope.common.lib.types.X509SubjectDnFormat;
33
/**
 * Configuration bean for the X.509 certificate authentication module.
 *
 * <p>This is a plain serializable settings holder: every property has a default value and a
 * getter/setter pair, and {@link #map(AuthModuleTO, Mapper)} hands the instance to a
 * {@code Mapper} for conversion into a key/value map. Nothing here validates or enforces the
 * settings; the defaults are only as safe as the consumer that interprets them. Values that are
 * security-relevant (revocation checking, key-usage checks, the subject/issuer DN patterns and
 * certificate extraction from a request header) are called out on the individual fields.
 *
 * <p>The LDAP-related part of the configuration lives in the nested {@link LDAP} class, exposed
 * through {@link #getLdap()} and created by {@link #ldapInstance()}.
 */
public class X509AuthModuleConf implements LDAPDependantAuthModuleConf {

    private static final long serialVersionUID = 1915254775199296906L;

    /**
     * LDAP settings used by this module: the base connection settings are inherited from
     * {@link AbstractLDAPConf}; the only addition is the name of the attribute that is read
     * from the directory.
     */
    public static class LDAP extends AbstractLDAPConf implements Serializable {

        private static final long serialVersionUID = -7274446267090678730L;

        /**
         * Name of the LDAP attribute to read. The default is the standard
         * {@code certificateRevocationList} attribute type, which suggests this is the attribute
         * a CRL is fetched from when the LDAP fetcher is used — TODO confirm against the consumer.
         */
        private String certificateAttribute = "certificateRevocationList";

        /**
         * @return the LDAP attribute name (default {@code certificateRevocationList})
         */
        public String getCertificateAttribute() {
            return certificateAttribute;
        }

        /**
         * @param certificateAttribute the LDAP attribute name to read
         */
        public void setCertificateAttribute(final String certificateAttribute) {
            this.certificateAttribute = certificateAttribute;
        }
    }

    /** Name of this authentication handler; no default. */
    private String name;

    /** Ordering value of this handler; defaults to {@link Integer#MAX_VALUE}. */
    private int order = Integer.MAX_VALUE;

    /**
     * Revocation policy threshold; default 172_800. Unit is not established here (presumably
     * seconds, in which case 172_800 = 48 hours) — TODO confirm.
     */
    private int revocationPolicyThreshold = 172_800;

    /** Whether every configured resource is checked; defaults to {@code false}. */
    private boolean checkAll;

    /** Refresh interval, in seconds as the name states; default 3_600. */
    private int refreshIntervalSeconds = 3_600;

    /**
     * Whether a fetch failure is raised as an error rather than tolerated; defaults to
     * {@code false}. NOTE(review): the default is the lenient choice — consider enabling it where
     * a silently stale revocation source is not acceptable.
     */
    private boolean throwOnFetchFailure;

    /** How the principal is derived from the certificate; default {@code SUBJECT_DN}. */
    private X509PrincipalType principalType = X509PrincipalType.SUBJECT_DN;

    /** Alternate attribute used for principal resolution; no default (presumably optional). */
    private String principalAlternateAttribute;

    /** Subject DN formatting applied for the {@code SUBJECT_DN} principal type; default {@code DEFAULT}. */
    private X509SubjectDnFormat principalTypeSubjectDnFormat = X509SubjectDnFormat.DEFAULT;

    /** Prefix expected before the serial number in a DN (serial-number principal types); default {@code SERIALNUMBER=}. */
    private String principalTypeSerialNoDnSerialNumberPrefix = "SERIALNUMBER=";

    /** Delimiter between DN values (serial-number principal types); default {@code ", "}. */
    private String principalTypeSerialNoDnValueDelimiter = ", ";

    /**
     * Radix used when rendering the certificate serial number; no explicit default, so the
     * Java default {@code 0} applies. {@code 0} is not a usable radix by itself, so the
     * consumer presumably substitutes its own default (e.g. 10) — TODO confirm.
     */
    private int principalTypeSerialNoSNRadix;

    /** Whether a hex serial number is zero-padded; defaults to {@code false}. */
    private boolean principalTypeSerialNoHexSNZeroPadding;

    /**
     * Revocation checking strategy; defaults to {@code NONE}.
     * NOTE(review): with the default, revoked certificates are presumably still accepted —
     * production configurations should set a checker explicitly.
     */
    private X509RevocationCheckerType revocationChecker = X509RevocationCheckerType.NONE;

    /** Where CRLs are fetched from; default {@code RESOURCE}. */
    private X509RevocationFetcherType crlFetcher = X509RevocationFetcherType.RESOURCE;

    /**
     * CRL resource locations. The list is final and has no setter: callers populate it through
     * {@link #getCrlResources()}, which returns this live, mutable list.
     */
    private final List<String> crlResources = new ArrayList<>(0);

    /** Maximum number of cached entries kept in memory; default 1_000. */
    private int cacheMaxElementsInMemory = 1_000;

    /** Whether the cache may overflow to disk; defaults to {@code false}. */
    private boolean cacheDiskOverflow;

    /** Disk size allowed for the cache, as a size string; default {@code 100MB}. */
    private String cacheDiskSize = "100MB";

    /** Whether cached entries never expire; defaults to {@code false}. */
    private boolean cacheEternal;

    /** Mixed mode flag; defaults to {@code true}. Its exact effect is defined by the consumer — TODO confirm. */
    private boolean mixedMode = true;

    /** Cache entry time-to-live in seconds; default is 4 hours (14_400 s). */
    private long cacheTimeToLiveSeconds = TimeUnit.HOURS.toSeconds(4);

    /** Policy when a CRL resource cannot be reached; defaults to {@code DENY} (presumably fail-closed). */
    private X509PolicySetting crlResourceUnavailablePolicy = X509PolicySetting.DENY;

    /** Policy when a CRL resource has expired; defaults to {@code DENY} (presumably fail-closed). */
    private X509PolicySetting crlResourceExpiredPolicy = X509PolicySetting.DENY;

    /** Policy when no CRL is available; defaults to {@code DENY} (presumably fail-closed). */
    private X509PolicySetting crlUnavailablePolicy = X509PolicySetting.DENY;

    /** Policy when the CRL has expired; defaults to {@code DENY} (presumably fail-closed). */
    private X509PolicySetting crlExpiredPolicy = X509PolicySetting.DENY;

    /**
     * Regular expression the issuer DN must match; no default, so presumably no issuer
     * restriction is applied unless configured — TODO confirm how {@code null} is treated.
     */
    private String regExTrustedIssuerDnPattern;

    /** Maximum certificate chain path length accepted; default 1. */
    private int maxPathLength = 1;

    /** Whether a chain with an unspecified path length constraint is accepted; defaults to {@code false}. */
    private boolean maxPathLengthAllowUnspecified = false;

    /**
     * Whether the certificate's key-usage extension is checked; defaults to {@code false}.
     * NOTE(review): both key-usage flags are off by default; enable them where certificates
     * not intended for client authentication could otherwise be accepted.
     */
    private boolean checkKeyUsage = false;

    /** Whether the key-usage extension is required to be present; defaults to {@code false}. */
    private boolean requireKeyUsage = false;

    /**
     * Regular expression the subject DN must match. The default {@code .+} accepts any non-empty
     * subject, so by itself it does not restrict which certificates are accepted; tighten it
     * when the trusted issuer also issues certificates for other purposes.
     */
    private String regExSubjectDnPattern = ".+";

    /**
     * Whether the certificate is extracted from a request header instead of the TLS layer;
     * defaults to {@code false}. See {@link #sslHeaderName}.
     */
    private boolean extractCert;

    /**
     * Name of the request header the certificate is read from when {@link #extractCert} is
     * enabled; default {@code ssl_client_cert}.
     * NOTE(review): a header-supplied certificate is only trustworthy when it is set by a
     * TLS-terminating proxy that overwrites any client-supplied value of the same header —
     * confirm the deployment topology before enabling extraction.
     */
    private String sslHeaderName = "ssl_client_cert";

    /** LDAP settings; {@code null} until set. */
    private LDAP ldap;

    /**
     * Creates a fresh, default-initialised {@link LDAP} settings instance.
     *
     * @return a new {@link LDAP} instance (not the one held in {@link #ldap})
     */
    @Override
    public AbstractLDAPConf ldapInstance() {
        return new X509AuthModuleConf.LDAP();
    }

    /** @return the handler name, or {@code null} if unset */
    public String getName() {
        return name;
    }

    /** @param name the handler name */
    public void setName(final String name) {
        this.name = name;
    }

    /** @return the handler order (default {@link Integer#MAX_VALUE}) */
    public int getOrder() {
        return order;
    }

    /** @param order the handler order */
    public void setOrder(final int order) {
        this.order = order;
    }

    /** @return the revocation policy threshold (default 172_800) */
    public int getRevocationPolicyThreshold() {
        return revocationPolicyThreshold;
    }

    /** @param revocationPolicyThreshold the revocation policy threshold */
    public void setRevocationPolicyThreshold(final int revocationPolicyThreshold) {
        this.revocationPolicyThreshold = revocationPolicyThreshold;
    }

    /** @return whether all resources are checked (default {@code false}) */
    public boolean isCheckAll() {
        return checkAll;
    }

    /** @param checkAll whether all resources are checked */
    public void setCheckAll(final boolean checkAll) {
        this.checkAll = checkAll;
    }

    /** @return the refresh interval in seconds (default 3_600) */
    public int getRefreshIntervalSeconds() {
        return refreshIntervalSeconds;
    }

    /** @param refreshIntervalSeconds the refresh interval in seconds */
    public void setRefreshIntervalSeconds(final int refreshIntervalSeconds) {
        this.refreshIntervalSeconds = refreshIntervalSeconds;
    }

    /** @return whether fetch failures are raised (default {@code false}) */
    public boolean isThrowOnFetchFailure() {
        return throwOnFetchFailure;
    }

    /** @param throwOnFetchFailure whether fetch failures are raised */
    public void setThrowOnFetchFailure(final boolean throwOnFetchFailure) {
        this.throwOnFetchFailure = throwOnFetchFailure;
    }

    /** @return the principal derivation type (default {@code SUBJECT_DN}) */
    public X509PrincipalType getPrincipalType() {
        return principalType;
    }

    /** @param principalType the principal derivation type */
    public void setPrincipalType(final X509PrincipalType principalType) {
        this.principalType = principalType;
    }

    /** @return the alternate principal attribute, or {@code null} if unset */
    public String getPrincipalAlternateAttribute() {
        return principalAlternateAttribute;
    }

    /** @param principalAlternateAttribute the alternate principal attribute */
    public void setPrincipalAlternateAttribute(final String principalAlternateAttribute) {
        this.principalAlternateAttribute = principalAlternateAttribute;
    }

    /** @return the subject DN format (default {@code DEFAULT}) */
    public X509SubjectDnFormat getPrincipalTypeSubjectDnFormat() {
        return principalTypeSubjectDnFormat;
    }

    /** @param principalTypeSubjectDnFormat the subject DN format */
    public void setPrincipalTypeSubjectDnFormat(final X509SubjectDnFormat principalTypeSubjectDnFormat) {
        this.principalTypeSubjectDnFormat = principalTypeSubjectDnFormat;
    }

    /** @return the serial-number DN prefix (default {@code SERIALNUMBER=}) */
    public String getPrincipalTypeSerialNoDnSerialNumberPrefix() {
        return principalTypeSerialNoDnSerialNumberPrefix;
    }

    /** @param principalTypeSerialNoDnSerialNumberPrefix the serial-number DN prefix */
    public void setPrincipalTypeSerialNoDnSerialNumberPrefix(final String principalTypeSerialNoDnSerialNumberPrefix) {
        this.principalTypeSerialNoDnSerialNumberPrefix = principalTypeSerialNoDnSerialNumberPrefix;
    }

    /** @return the DN value delimiter (default {@code ", "}) */
    public String getPrincipalTypeSerialNoDnValueDelimiter() {
        return principalTypeSerialNoDnValueDelimiter;
    }

    /** @param principalTypeSerialNoDnValueDelimiter the DN value delimiter */
    public void setPrincipalTypeSerialNoDnValueDelimiter(final String principalTypeSerialNoDnValueDelimiter) {
        this.principalTypeSerialNoDnValueDelimiter = principalTypeSerialNoDnValueDelimiter;
    }

    /** @return the serial-number radix (default {@code 0}, i.e. unset) */
    public int getPrincipalTypeSerialNoSNRadix() {
        return principalTypeSerialNoSNRadix;
    }

    /** @param principalTypeSerialNoSNRadix the serial-number radix */
    public void setPrincipalTypeSerialNoSNRadix(final int principalTypeSerialNoSNRadix) {
        this.principalTypeSerialNoSNRadix = principalTypeSerialNoSNRadix;
    }

    /** @return whether hex serial numbers are zero-padded (default {@code false}) */
    public boolean isPrincipalTypeSerialNoHexSNZeroPadding() {
        return principalTypeSerialNoHexSNZeroPadding;
    }

    /** @param principalTypeSerialNoHexSNZeroPadding whether hex serial numbers are zero-padded */
    public void setPrincipalTypeSerialNoHexSNZeroPadding(final boolean principalTypeSerialNoHexSNZeroPadding) {
        this.principalTypeSerialNoHexSNZeroPadding = principalTypeSerialNoHexSNZeroPadding;
    }

    /** @return the revocation checker (default {@code NONE}) */
    public X509RevocationCheckerType getRevocationChecker() {
        return revocationChecker;
    }

    /** @param revocationChecker the revocation checker */
    public void setRevocationChecker(final X509RevocationCheckerType revocationChecker) {
        this.revocationChecker = revocationChecker;
    }

    /** @return the CRL fetcher (default {@code RESOURCE}) */
    public X509RevocationFetcherType getCrlFetcher() {
        return crlFetcher;
    }

    /** @param crlFetcher the CRL fetcher */
    public void setCrlFetcher(final X509RevocationFetcherType crlFetcher) {
        this.crlFetcher = crlFetcher;
    }

    /** @return the in-memory cache element limit (default 1_000) */
    public int getCacheMaxElementsInMemory() {
        return cacheMaxElementsInMemory;
    }

    /** @param cacheMaxElementsInMemory the in-memory cache element limit */
    public void setCacheMaxElementsInMemory(final int cacheMaxElementsInMemory) {
        this.cacheMaxElementsInMemory = cacheMaxElementsInMemory;
    }

    /** @return whether the cache overflows to disk (default {@code false}) */
    public boolean isCacheDiskOverflow() {
        return cacheDiskOverflow;
    }

    /** @param cacheDiskOverflow whether the cache overflows to disk */
    public void setCacheDiskOverflow(final boolean cacheDiskOverflow) {
        this.cacheDiskOverflow = cacheDiskOverflow;
    }

    /** @return the cache disk size string (default {@code 100MB}) */
    public String getCacheDiskSize() {
        return cacheDiskSize;
    }

    /** @param cacheDiskSize the cache disk size string */
    public void setCacheDiskSize(final String cacheDiskSize) {
        this.cacheDiskSize = cacheDiskSize;
    }

    /** @return whether cache entries never expire (default {@code false}) */
    public boolean isCacheEternal() {
        return cacheEternal;
    }

    /** @param cacheEternal whether cache entries never expire */
    public void setCacheEternal(final boolean cacheEternal) {
        this.cacheEternal = cacheEternal;
    }

    /** @return the mixed mode flag (default {@code true}) */
    public boolean isMixedMode() {
        return mixedMode;
    }

    /** @param mixedMode the mixed mode flag */
    public void setMixedMode(final boolean mixedMode) {
        this.mixedMode = mixedMode;
    }

    /** @return the cache time-to-live in seconds (default 4 hours) */
    public long getCacheTimeToLiveSeconds() {
        return cacheTimeToLiveSeconds;
    }

    /** @param cacheTimeToLiveSeconds the cache time-to-live in seconds */
    public void setCacheTimeToLiveSeconds(final long cacheTimeToLiveSeconds) {
        this.cacheTimeToLiveSeconds = cacheTimeToLiveSeconds;
    }

    /** @return the policy for an unreachable CRL resource (default {@code DENY}) */
    public X509PolicySetting getCrlResourceUnavailablePolicy() {
        return crlResourceUnavailablePolicy;
    }

    /** @param crlResourceUnavailablePolicy the policy for an unreachable CRL resource */
    public void setCrlResourceUnavailablePolicy(final X509PolicySetting crlResourceUnavailablePolicy) {
        this.crlResourceUnavailablePolicy = crlResourceUnavailablePolicy;
    }

    /** @return the policy for an expired CRL resource (default {@code DENY}) */
    public X509PolicySetting getCrlResourceExpiredPolicy() {
        return crlResourceExpiredPolicy;
    }

    /** @param crlResourceExpiredPolicy the policy for an expired CRL resource */
    public void setCrlResourceExpiredPolicy(final X509PolicySetting crlResourceExpiredPolicy) {
        this.crlResourceExpiredPolicy = crlResourceExpiredPolicy;
    }

    /** @return the policy for a missing CRL (default {@code DENY}) */
    public X509PolicySetting getCrlUnavailablePolicy() {
        return crlUnavailablePolicy;
    }

    /** @param crlUnavailablePolicy the policy for a missing CRL */
    public void setCrlUnavailablePolicy(final X509PolicySetting crlUnavailablePolicy) {
        this.crlUnavailablePolicy = crlUnavailablePolicy;
    }

    /** @return the policy for an expired CRL (default {@code DENY}) */
    public X509PolicySetting getCrlExpiredPolicy() {
        return crlExpiredPolicy;
    }

    /** @param crlExpiredPolicy the policy for an expired CRL */
    public void setCrlExpiredPolicy(final X509PolicySetting crlExpiredPolicy) {
        this.crlExpiredPolicy = crlExpiredPolicy;
    }

    /**
     * Returns the live CRL resource list. There is deliberately no setter: additions are made
     * directly on the returned list, which is this bean's own (mutable) instance.
     *
     * @return the mutable list of CRL resource locations (empty by default)
     */
    public List<String> getCrlResources() {
        return crlResources;
    }

    /** @return the trusted issuer DN pattern, or {@code null} if unset */
    public String getRegExTrustedIssuerDnPattern() {
        return regExTrustedIssuerDnPattern;
    }

    /** @param regExTrustedIssuerDnPattern the trusted issuer DN regular expression */
    public void setRegExTrustedIssuerDnPattern(final String regExTrustedIssuerDnPattern) {
        this.regExTrustedIssuerDnPattern = regExTrustedIssuerDnPattern;
    }

    /** @return the maximum accepted path length (default 1) */
    public int getMaxPathLength() {
        return maxPathLength;
    }

    /** @param maxPathLength the maximum accepted path length */
    public void setMaxPathLength(final int maxPathLength) {
        this.maxPathLength = maxPathLength;
    }

    /** @return whether an unspecified path length is allowed (default {@code false}) */
    public boolean isMaxPathLengthAllowUnspecified() {
        return maxPathLengthAllowUnspecified;
    }

    /** @param maxPathLengthAllowUnspecified whether an unspecified path length is allowed */
    public void setMaxPathLengthAllowUnspecified(final boolean maxPathLengthAllowUnspecified) {
        this.maxPathLengthAllowUnspecified = maxPathLengthAllowUnspecified;
    }

    /** @return whether key usage is checked (default {@code false}) */
    public boolean isCheckKeyUsage() {
        return checkKeyUsage;
    }

    /** @param checkKeyUsage whether key usage is checked */
    public void setCheckKeyUsage(final boolean checkKeyUsage) {
        this.checkKeyUsage = checkKeyUsage;
    }

    /** @return whether key usage is required (default {@code false}) */
    public boolean isRequireKeyUsage() {
        return requireKeyUsage;
    }

    /** @param requireKeyUsage whether key usage is required */
    public void setRequireKeyUsage(final boolean requireKeyUsage) {
        this.requireKeyUsage = requireKeyUsage;
    }

    /** @return the subject DN pattern (default {@code .+}, i.e. any non-empty subject) */
    public String getRegExSubjectDnPattern() {
        return regExSubjectDnPattern;
    }

    /** @param regExSubjectDnPattern the subject DN regular expression */
    public void setRegExSubjectDnPattern(final String regExSubjectDnPattern) {
        this.regExSubjectDnPattern = regExSubjectDnPattern;
    }

    /** @return whether the certificate is extracted from a header (default {@code false}) */
    public boolean isExtractCert() {
        return extractCert;
    }

    /** @param extractCert whether the certificate is extracted from a header */
    public void setExtractCert(final boolean extractCert) {
        this.extractCert = extractCert;
    }

    /** @return the certificate header name (default {@code ssl_client_cert}) */
    public String getSslHeaderName() {
        return sslHeaderName;
    }

    /** @param sslHeaderName the certificate header name */
    public void setSslHeaderName(final String sslHeaderName) {
        this.sslHeaderName = sslHeaderName;
    }

    /** @return the LDAP settings, or {@code null} if unset */
    public LDAP getLdap() {
        return ldap;
    }

    /** @param ldap the LDAP settings */
    public void setLdap(final LDAP ldap) {
        this.ldap = ldap;
    }

    /**
     * Converts this configuration into a key/value map by delegating to the supplied mapper.
     *
     * @param authModule the owning auth module
     * @param mapper the mapper performing the conversion
     * @return whatever {@code mapper.map(authModule, this)} produces
     */
    @Override
    public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) {
        return mapper.map(authModule, this);
    }
}